Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge develop into master for release #3529

Merged
merged 14 commits into from
Oct 18, 2024
Merged

Merge develop into master for release #3529

merged 14 commits into from
Oct 18, 2024

Conversation

sven-dmlr
Copy link
Member

No description provided.

dependabot bot and others added 14 commits September 30, 2024 22:36
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@2dfa201...b36c23c)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
2 - After Github Action release: Merge master back into develop [auto-generated]
* add spring security with oauth to web ui

* implement pull request workflow for gha action and gradle action #3357

* add mb sso to application.yml

* implement oauth config for sechub webui #3406

* make web ui spring security oidc config configurable through env variables #3406

* change variable names in application-webui_oidc.yaml

* remove webflux from web ui project

* implement success handler for redirect after successful o auth workflow in web ui

* add basic and form login to spring security in web ui

* add under construction site to web ui

* set default page to /home in webui

* update README.md in web ui

* clean up build.gradle of webui

* fix formatting in MercedesBenzOAuth2AccessTokenClient

* remove unnecessary pages and controller in webui

* exclude OAuth2Properties with @Profile

* exclude OAuth2Properties with @Profile

* pr fixes

* pr fixes

* pr fixes
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0c45773...3624ceb)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…/actions/setup-java-4.4.0

Bump actions/setup-java from 4.3.0 to 4.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@692973e...eef6144)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…/actions/cache-4.1.1

Bump actions/cache from 4.0.2 to 4.1.1
…/actions/checkout-4.2.1

Bump actions/checkout from 4.1.7 to 4.2.1
- Created initial concept for templates and assets #3518
---------

Co-authored-by: Sven <[email protected]>
* remove github action scan folder after index-js is built #3499

* save the github action index.js as sechub-scan.cjs

* save the github action index.js as sechub-scan.cjs

* prevent command injection in sechub-cli.ts

* add doc to shell-cmd-sanitizer.ts

* use whitelist in github action to prevent command injection

* revert action.yml changes temporarily

* pr clean up

* pr clean up

* use child_process execFileSync to pass commands to go client in array

* pass process.env to execFileSync in GitHub Action

* pass process.env to execFileSync in GitHub Action

* update versions used in 01-start.sh github action

* protect against shell arguments that are commands in github actions

* replace potentially dangerous shell command injection code

* use commandExists npm library to check if shell argument is a malicious command

* use commandExists npm library to check if shell argument is a malicious command

* use commandExists npm library to check if shell argument is a malicious command

* fix integration tests

* revert info logs to debug

* revert info logs to debug
- also updated Alpine version
- and fixed a typo
…tion-signals-to-server-process

implemented signal handling for sechub server container #3470
- renamed spring module
- renamed docker solution
@sven-dmlr sven-dmlr merged commit f2188d9 into master Oct 18, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants